Configuring Two-Factor Authentication with a Yubikey Device

Yubico’s YubiKey is a small device that plugs into your computer and, when properly configured, can be used to generate the 6 digit one-time code that, when combined with your personal Wdesk PIN, allows you to securely authenticate with Wdesk.

NOTE: You will need to have your Yubikey device on-hand and available for use to configure it for your account.

Configuring Your Yubikey Device

To configure the YubiKey you will need the appropriate version of the Yubico Cross-Platform Personalization Tool for your operating system, found at the Yubico website.

After inserting your YubiKey into a USB port, start the YubiKey Personalization Tool. Ensure that the "YubiKey is inserted" message is visible in the upper right hand corner, then click the “OATH-HOTP Mode” link.

image alt text

When prompted to choose a programming method, choose Advanced.

Ensure Configuration Slot 1 is selected (1) and OATH Token Identifier is not selected (2). Then generate a random secret key by clicking the Generate button (3), and finally save the configuration settings to the YubiKey device by clicking Write Configuration (4).

image alt text

After completing the configuration steps, you may see the following warning dialog. Click Yes button to proceed.

image alt text

Once the configuration is complete, a message will appear in the Results box at the bottom of the window confirming the successful configuration.

With the YubiKey configuration complete, you now can proceed to the Wdesk setup steps. You will need to copy the device serial number (1) and secret key (2) into a text file.

image alt text

Adding an Individual Device to Wdesk

If you only need to add one device to your account, you can do so through the Add Device option under the OTP Devices section of the Admin.

image alt text

You will then be prompted to enter the device's Serial Number and Secret key.

image alt text

Once you've entered the required information, click Add Device in the dialog window to save that device to your account.

Adding Multiple Yubikeys to Wdesk

If you need to add multiple devices at once, open a text editing program such Notepad and paste the device serial number (1), followed by a comma, the secret key (2), followed by another comma, and finally the text: yubikey (3). For multiple devices, enter one set of information per line. After you've entered all your information, save this as .CSV file.

image alt text

With the YubiKey device(s) configured and CSV file created, you can now go to the Wdesk configuration steps. First, navigate to the OTP Devices section of the Admin. You will now import the CSV file created previously by clicking Bulk Device Import.

NOTE: Wdesk also supports the use of PSKC files.

image alt text

When the Device Import window appears, click the Browse button and locate the CSV or PSCK file. Once you've selected the appropriate file, click Open to select the file for upload.

Finally, click the Upload PSKC or CSV button to complete this step.

image alt text

Assigning a Device

With the device(s) imported into Wdesk, you can now assign a user to the YubiKey device by clicking the Assign button located to the right of each unassigned device.

image alt text

Select the user that you wish to associate with this device by typing the username in the Username field, and finish by clicking the Save changes button.

image alt text

The user will receive an email instructing them how to complete the setup of their personal 4 to 30 digit PIN. After configuring their PIN, the user will now enter his or her username and in the password field, enter the chosen PIN and then press the YubiKey button to complete the secure one-time use password.

If prompted for the Current OTP Device Digits, touch the button on the YubiKey. This will generate the secure 6 digit OTP code used to verify possession of the device and allow configuring your PIN.